Pyrasp

Latest version: v0.8.3


0.8.3

New features
- New XSS and SQL injection machine learning engines

Improvements
- SQL Injection grammatical analysis was removed to improve performance and lower the false-positive rate

Bug fix
- XSS and SQL injection tests won't fail when the model is not loaded
- Fixed Base64 decoding, which was a little bit too invasive
- Log-only mode was sending an empty response on Flask

Limitation
- Version 0.8.3 is not available on AWS Lambda Functions
- AWS Lambda support will be provided in the next version

0.8.2

New feature
- Attack details display with verbose level = 100+

Improvements
- Improved JSON data analysis recursion
- Lowered TCP logs connection timeout

Bug fix
- Removed a debug output when analyzing JSON data
- Specific payloads could crash the XSS detection engine
- Fixed an SQL Injection false positive
- Fixed requirements.txt for build from sources

0.8.1

New features
- **Zero-Trust Application Access**

Improvements
- Noticeably improved documentation by fixing typos, dead links, etc.

Bug fix
- Fixed several issues in agents for AWS, GCP and Azure serverless functions
- XSS check would fail while testing very specific JSON content

License
- License changed to **CC BY-NC-SA 4.0** (https://creativecommons.org/licenses/by-nc-sa/4.0/)

0.7.2

New features
- Application routes are sent when first connecting to the configuration server (cloud operations)
- New API functions:
  - set_config(): change configuration from the protected application
  - get_routes(): get routes defined in the application

Improvements
- Handling of nested base64-encoded JSON structures
- Added explicit versions in dependencies requirements

Bug fix
- No security engine was activated when running with default configuration

0.7.1

New features
- Added detection engine and machine learning score in SQLI and XSS attack logs
- Added request path in JSON security logs

Improvements
- Improved JSON extraction from header values
- Improved SQL injection grammatical analysis to prevent some false positives
- Country identification in logs can be disabled via the RESOLVE_COUNTRY configuration option
- Leaked data can be logged by setting the DLP_LOG_LEAKED_DATA configuration option to True (default: False)

Bug fix
- Some cookie values were not properly processed
- PyRASP would crash at launch if SQL injection or XSS protections were not activated

0.7.0

New features
- PyRASP classes API

Improvements
- **Improved ML engines for SQL Injection and XSS detection**
- Default SQL Injection detection probabilities raised to 0.85
- Default XSS detection probabilities raised to 0.70
- Attack payloads are now base64 encoded in logs

Bug fix
- Flask agent was still processing the page, even if an attack was detected

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.